packages/mozjs102
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!16 [sync] PR-15: Fix CVE-2023-6209

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @open-bot 
Signed-off-by: @open-bot
This commit is contained in:
openeuler-ci-bot 2024-07-10 07:03:51 +00:00 committed by Gitee
commit eb663f1092
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
CVE-2023-6209.patch Normal file
View File

@ -0,0 +1,33 @@
From f8389177cbce4fe098042850ada25feb7e6ba5a7 Mon Sep 17 00:00:00 2001
From: Valentin Gosu <valentin.gosu@gmail.com>
Date: Thu, 19 Oct 2023 07:40:28 +0000 (8 months ago)
Subject: [PATCH] CVE-2023-6209
---
netwerk/base/nsStandardURL.cpp | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
index b1b3ba1ef4..14aa8d5a5d 100644
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@@ -2707,7 +2707,15 @@ nsStandardURL::Resolve(const nsACString& in, nsACString& out) {
// locate result path
resultPath = strstr(result, "://");
if (resultPath) {
- resultPath = strchr(resultPath + 3, '/');
+ // If there are multiple slashes after :// we must ignore them
+ // otherwise net_CoalesceDirs may think the host is a part of the path.
+ resultPath += 3;
+ if (protocol.IsEmpty() && Scheme() != "file") {
+ while (*resultPath == '/') {
+ resultPath++;
+ }
+ }
+ resultPath = strchr(resultPath, '/');
if (resultPath) {
net_CoalesceDirs(coalesceFlag, resultPath);
}
--
2.33.0

6
mozjs102.spec
View File

@ -24,7 +24,7 @@
Name: mozjs%{major} Name: mozjs%{major}
Version: 102.9.0 Version: 102.9.0
Release: 4 Release: 5
Summary: SpiderMonkey JavaScript library Summary: SpiderMonkey JavaScript library
License: MPL-2.0 AND Apache-2.0 AND BSD-3-Clause AND BSD-2-Clause AND MIT AND GPL-3.0-or-later License: MPL-2.0 AND Apache-2.0 AND BSD-3-Clause AND BSD-2-Clause AND MIT AND GPL-3.0-or-later
URL: https://hg.mozilla.org/releases/mozilla-esr102 URL: https://hg.mozilla.org/releases/mozilla-esr102
@ -62,6 +62,7 @@ Patch21: 0001-Skip-failing-tests-on-ppc64-and-s390x.patch
# riscv64 sipdermonkey jit # riscv64 sipdermonkey jit
Patch22: spidermonkey-riscv64-plct.patch Patch22: spidermonkey-riscv64-plct.patch
Patch23: CVE-2023-44488.patch Patch23: CVE-2023-44488.patch
Patch25: CVE-2023-6209.patch
# mold # mold
@ -254,6 +255,9 @@ ln -s libmozjs-%{major}.so.0 %{buildroot}%{_libdir}/libmozjs-%{major}.so
%{_includedir}/mozjs-%{major}/ %{_includedir}/mozjs-%{major}/
%changelog %changelog
* Wed Jul 10 2024 lvfei <lvfei@kylinos.cn> - 102.9.0-5
- Fix CVE-2023-6209
* Tue Jun 25 2024 lvfei <lvfei@kylinos.cn> - 102.9.0-4 * Tue Jun 25 2024 lvfei <lvfei@kylinos.cn> - 102.9.0-4
- Fix CVE-2023-44488.patch - Fix CVE-2023-44488.patch